Section 1
Roles and responsibilities
This Data Processing Addendum defines the relationship between LaserPulse and its customers when processing personal data subject to GDPR.
Data Controller
Customer
Determines the purpose and means of processing personal data
Data Processor
LaserPulse (LAK Technology Inc)
Processes personal data only on the Customer's instructions
Section 2
Processing scope
LaserPulse processes the following categories of data on behalf of customers:
- User account data (name, email)
- Content inputs and campaign data
- Integration and OAuth token data
- Platform usage and analytics data
We process this data only to deliver the LaserPulse service as described in the Terms of Service. We do not process data for our own commercial purposes.
Section 3
Sub-processors
We use the following sub-processors to deliver the service. All sub-processors are bound by appropriate data protection agreements.
- Stripe — payment processing
- OpenAI — AI content generation
- Google Vertex AI — AI image and content processing
- Cloud hosting providers — infrastructure and storage
We will notify customers of any material changes to our sub-processor list with reasonable advance notice.
Section 4
Security measures
LaserPulse implements appropriate technical and organizational measures to protect personal data, including:
- Encryption of data in transit using TLS
- Access controls limiting data access to authorized personnel
- Regular security monitoring and logging
- Secure credential handling for platform integrations
Section 5
International data transfers
LaserPulse is based in the United States. When transferring data from the EU to the US, we rely on:
- Standard contractual clauses (SCCs) where applicable
- Contractual safeguards with sub-processors
- Standard transfer mechanisms recognized under GDPR
Section 6
Data subject requests
We assist customers in fulfilling their obligations to data subjects, including:
- Access requests — providing data exports upon request
- Deletion requests — removing personal data from our systems
- Correction requests — updating inaccurate data
- Portability requests — providing data in a machine-readable format
Requests should be submitted to [email protected]. We will respond within 30 days.
Section 7
Breach notification
In the event of a personal data breach, LAK Technology Inc will notify affected customers without undue delay and within 72 hours of becoming aware of the breach, where feasible. Notification will include the nature of the breach, categories of data affected, and measures taken to address it.
Section 8
Data deletion and retention
Upon termination of a customer's account:
- Personal data can be deleted upon written request to [email protected]
- Backup copies may persist temporarily for up to 90 days
- We retain data required for legal compliance as long as legally required